Previously, EM executed scripts in the context of a container by
connecting to a Unix socket itself. Because warden shells out for every
other task it does, executing scripts inside a container is now also
done by shelling out. Making this work right using existing tools
proved to be cumbersome, so I included a small C program that either
listens or connects to a Unix socket.
Change-Id: I7f6df9786b9631aff2bd57cc1d20c8d337415bf0

…e limits
This diff includes a few of things:
1. A class for monitor quota usage and tearing down containers that exceed their limits.
2. A small C program for reporting quota usage. This is necessary because repquota
has several bugs that prevent us from using it to reliably check quota usage.
3. Small refactor that moves everything under the :quota config hash. This makes sense,
as we only need the uidpool if quota support is enabled.
Test plan:
- Existing unit tests pass
- New unit tests pass
Change-Id: I8dccd91bb4571f051c7a328d22436b77c6fb3f0c

We originally returned the raw string returned from repquota as
the keys of the quota information app. This converts the raw string
into an integer representation and uses it as the key instead.
Test plan:
- New unit test passes
- All old unit tests pass
Change-Id: Id8dac37a2ad736a7997f5a8eb137d81d45d34ba8

This is in preparation for adding quota support to the LXC container.
If a uid pool is supplied the LXC container will now attempt to acquire a
uid for each container that is created. A WardenError will be raised in the
event that a uid cannot be acquired. Note that the uid is the same both inside
and outside the container in order to facilitate enforcement of disk quotas.
Test plan:
- All existing tests pass.
- New tests pass.
Change-Id: Ic509c0cd9e40275f92207d35bb9bfb943d700026

lxc-start will abort if it inherits any file descriptors. We avoid
this by first closing fds and then exec'ing lxc-start.
Test plan:
- Container creation works
Change-Id: If436db238cfceb787c3167db8310df54f9d79bde